Difference between revisions of "Mac OS X"

From Forensics Wiki
(External Links)
Line 26: Line 26:
 
* [[MacOS Process Monitoring]]
 
* [[MacOS Process Monitoring]]
 
* [[Acquiring a MacOS System with Target Disk Mode]]
 
* [[Acquiring a MacOS System with Target Disk Mode]]
 +
* [[Converting Binary Plists]]
  
 
== External Links ==
 
== External Links ==

Revision as of 13:40, 20 June 2012


Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Apple Inc.'s Macintosh OS X (pronounced "OS Ten") is the operating system distributed with Apple computers. It includes several heavily used programs by default, including Apple Mail, a web browser called Safari, Apple Address Book, and iCal.


Quarantine event database

See [1]

Snow Leopard and earlier

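/Users/$USER/Library/Preferences/com.apple.LaunchServices.QuarantineEvents

This file is a SQLite database. LSQuarantineTimeStamp counts seconds from 2001-01-01 00:00:00 UTC, so the query adds 978307200 to convert it to Unix time before formatting it:

SELECT datetime(LSQuarantineTimeStamp + 978307200, 'unixepoch') AS LSQuarantineTimeStamp,
       LSQuarantineAgentName,
       LSQuarantineOriginURLString,
       LSQuarantineDataURLString
FROM LSQuarantineEvent;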

Lion and later

/Users/$USER/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2
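
The following Python sketch is an added example, not part of the original wiki page. It runs the Snow Leopard query's column selection against a database opened read-only and converts the timestamps to UTC. It assumes the QuarantineEventsV2 file keeps the LSQuarantineEvent table and the columns named in that query; the function names and the sample rows are constructed for illustration.

```python
import sqlite3
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

# LSQuarantineTimeStamp counts seconds from 2001-01-01 00:00:00 UTC, which is
# 978307200 seconds after the Unix epoch (the offset used in the page's query).
MAC_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)

QUERY = """
SELECT LSQuarantineTimeStamp, LSQuarantineAgentName,
       LSQuarantineOriginURLString, LSQuarantineDataURLString
FROM LSQuarantineEvent
ORDER BY LSQuarantineTimeStamp
"""

def read_quarantine_events(db_path):
    """Return events as dicts, ordered by timestamp (NULL timestamps sort first)."""
    # mode=ro makes SQLite refuse writes, so the working copy stays unchanged.
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    conn = sqlite3.connect(uri, uri=True)
    try:
        events = []
        for ts, agent, origin, data in conn.execute(QUERY):
            # Keep rows with a NULL timestamp instead of failing on them.
            utc = None if ts is None else (MAC_EPOCH + timedelta(seconds=ts)).isoformat()
            events.append({"utc": utc, "agent": agent, "origin_url": origin, "data_url": data})
        return events
    finally:
        conn.close()

def build_sample_db(db_path):
    """Constructed sample data; only the columns named in the page's query."""
    conn = sqlite3.connect(str(db_path))
    conn.execute("CREATE TABLE LSQuarantineEvent (LSQuarantineTimeStamp REAL, "
                 "LSQuarantineAgentName TEXT, LSQuarantineOriginURLString TEXT, "
                 "LSQuarantineDataURLString TEXT)")
    conn.executemany("INSERT INTO LSQuarantineEvent VALUES (?, ?, ?, ?)", [
        (361892400.0, "Safari", "http://dl.example/", "http://dl.example/tool.dmg"),
        (None, "Mail", None, None),
    ])
    conn.commit()
    conn.close()

def demo():
    """Build the constructed database in a temp directory and read it back."""
    path = Path(tempfile.mkdtemp()) / "QuarantineEventsV2"
    build_sample_db(path)
    return read_quarantine_events(path)
```

Point read_quarantine_events() at a working copy of the database taken from the acquired image, not at the file on a live system.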

Package Files (.PKG)

Package Files (.PKG) are XAR archives [2] that contain a cpio archive and metadata [3].

Also see

External Links

Apple Examiner